Re: GPO and Remote Users

From: Steve Bray (steve.bray(removethis)_at_vca.gov.uk)
Date: 07/27/04

  • Next message: Dmitry Korolyov [MVP]: "Weird problem with Windows Messenger 5.0" 
    Date: Tue, 27 Jul 2004 09:24:06 +0100

    I read on another post in this newsgroup that you can use the following cmd
    to add users and that it can be added to the startup/shutdown scripts of a
    GPO to automate this process:

    net localgroup "local group name" "domain\group name" /add

    Do scripts that exist on a DC get replicated to BDC's automatically or do we
    need to copy to them to each BDC?

    Steve

    "Steve Bray" <steve.bray(removethis)@vca.gov.uk> wrote in message
    news:ulzQ3q6cEHA.3896@TK2MSFTNGP10.phx.gbl...
    > Cheers for that.
    >
    > Steve
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:KCbNc.33859$eM2.2725@attbi_s51...
    > > By default logon on with cached credentials is enabled. You could also
    add
    > the users
    > > domain account to the local power users group on their computer which
    may
    > accomplish
    > > what you need, though to remove and add devices they may need to be in
    the
    > local
    > > administrators group which gives them a lot of power on their local
    > computer , but
    > > you may not have any other option. Keep in mind that both power users
    and
    > local
    > > administrators can create local users [if they know how] and if they
    logon
    > with local
    > > user accounts, user configuration Group Policy from the domain will not
    > apply to
    > > them. You can also configure Local Security Policy on a computer via
    > gpedit.msc
    > > which will apply to ALL users that logon with local accounts which may
    > help prevent
    > > the idle curious from changing settings that may cause problems on their
    > computer.---
    > > Steve
    > >
    > > "Steve" <steve.bray@vca.gov.uk> wrote in message
    > > news:426a01c47324$f22ba520$a601280a@phx.gbl...
    > > > We need our notebook users who login to their notebooks
    > > > with a cached copy of their domain profile when out of the
    > > > office to have the same sort of rights as the Power User
    > > > would have i.e. install software, add/remove devices etc.
    > > >
    > > > If this is possible how is it done?
    > > >
    > > > Steve
    > >
    > >
    >
    >

  • Next message: Dmitry Korolyov [MVP]: "Weird problem with Windows Messenger 5.0"

    Relevant Pages

    • Re: GPO and Remote Users
      ... By default logon on with cached credentials is enabled. ... Keep in mind that both power users and local ... which will apply to ALL users that logon with local accounts which may help prevent ...
      (microsoft.public.win2000.group_policy)
    • Re: GPO and Remote Users
      ... Steve ... > By default logon on with cached credentials is enabled. ... > domain account to the local power users group on their computer which may ... > user accounts, user configuration Group Policy from the domain will not ...
      (microsoft.public.win2000.group_policy)
    • Re: Auto logoff
      ... I think you will have to decide whether or not to have logon ... restrictions on those accounts. ... --- Steve ... >> have to exempt their computers from having logon hours enforced or ...
      (microsoft.public.win2000.security)
    • Re: User Login
      ... filtering so that only this group gets the deny logon locally privilegs. ... the domain group called Domain Users is a member of the local ... put those user accounts into domain group and apply a GPO to the OU ... "Meinolf Weber" wrote: ...
      (microsoft.public.windows.server.active_directory)
    • Re: logon/power-users group question
      ... users to the power users group (via My computer>Properties>Computer ... and then logon to the computer with that account to bypass domain ... > You can limit logon to domain computers in a couple of ways. ...
      (microsoft.public.windows.server.security)